]> WPIA git - gigi.git/blob - tests/org/cacert/gigi/TestCertificate.java
projects / gigi.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Move the "dbObject"s to their own package.
[gigi.git] / tests / org / cacert / gigi / TestCertificate.java
1 package org.cacert.gigi;
2
3 import java.io.IOException;
4 import java.security.GeneralSecurityException;
5 import java.security.KeyPair;
6 import java.security.PrivateKey;
7 import java.security.cert.X509Certificate;
8 import java.sql.SQLException;
9 import java.util.Collection;
10 import java.util.List;
11
12 import org.cacert.gigi.dbObjects.Certificate;
13 import org.cacert.gigi.dbObjects.CertificateProfile;
14 import org.cacert.gigi.dbObjects.Certificate.CSRType;
15 import org.cacert.gigi.dbObjects.Certificate.CertificateStatus;
16 import org.cacert.gigi.dbObjects.Certificate.SANType;
17 import org.cacert.gigi.dbObjects.Certificate.SubjectAlternateName;
18 import org.cacert.gigi.testUtils.ManagedTest;
19 import org.junit.Test;
20
21 import sun.security.x509.GeneralNameInterface;
22 import static org.junit.Assert.*;
23
24 public class TestCertificate extends ManagedTest {
25
26     @Test
27     public void testClientCertLoginStates() throws IOException, GeneralSecurityException, SQLException, InterruptedException, GigiApiException {
28         KeyPair kp = generateKeypair();
29         String key1 = generatePEMCSR(kp, "CN=testmail@example.com");
30         Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key1, CSRType.CSR, CertificateProfile.getById(1));
31         final PrivateKey pk = kp.getPrivate();
32         c.issue(null, "2y").waitFor(60000);
33         final X509Certificate ce = c.cert();
34         assertNotNull(login(pk, ce));
35     }
36
37     @Test
38     public void testSANs() throws IOException, GeneralSecurityException, SQLException, InterruptedException, GigiApiException {
39         KeyPair kp = generateKeypair();
40         String key = generatePEMCSR(kp, "CN=testmail@example.com");
41         Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key, CSRType.CSR, CertificateProfile.getById(1),//
42                 new SubjectAlternateName(SANType.EMAIL, "testmail@example.com"), new SubjectAlternateName(SANType.DNS, "testmail.example.com"));
43
44         testFails(CertificateStatus.DRAFT, c);
45         c.issue(null, "2y").waitFor(60000);
46         X509Certificate cert = c.cert();
47         Collection<List<?>> sans = cert.getSubjectAlternativeNames();
48         assertEquals(2, sans.size());
49         boolean hadDNS = false;
50         boolean hadEmail = false;
51         for (List<?> list : sans) {
52             assertEquals(2, list.size());
53             Integer type = (Integer) list.get(0);
54             switch (type) {
55             case GeneralNameInterface.NAME_RFC822:
56                 hadEmail = true;
57                 assertEquals("testmail@example.com", list.get(1));
58                 break;
59             case GeneralNameInterface.NAME_DNS:
60                 hadDNS = true;
61                 assertEquals("testmail.example.com", list.get(1));
62                 break;
63             default:
64                 fail("Unknown type");
65
66             }
67         }
68         assertTrue(hadDNS);
69         assertTrue(hadEmail);
70
71         testFails(CertificateStatus.ISSUED, c);
72
73         Certificate c2 = Certificate.getBySerial(c.getSerial());
74         assertEquals(2, c2.getSANs().size());
75         assertEquals(c.getSANs().get(0).getName(), c2.getSANs().get(0).getName());
76         assertEquals(c.getSANs().get(0).getType(), c2.getSANs().get(0).getType());
77         assertEquals(c.getSANs().get(1).getName(), c2.getSANs().get(1).getName());
78         assertEquals(c.getSANs().get(1).getType(), c2.getSANs().get(1).getType());
79
80         try {
81             c2.getSANs().remove(0);
82             fail("the list should not be modifiable");
83         } catch (UnsupportedOperationException e) {
84             // expected
85         }
86     }
87
88     @Test
89     public void testCertLifeCycle() throws IOException, GeneralSecurityException, SQLException, InterruptedException, GigiApiException {
90         KeyPair kp = generateKeypair();
91         String key = generatePEMCSR(kp, "CN=testmail@example.com");
92         Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key, CSRType.CSR, CertificateProfile.getById(1));
93         final PrivateKey pk = kp.getPrivate();
94
95         testFails(CertificateStatus.DRAFT, c);
96         c.issue(null, "2y").waitFor(60000);
97
98         testFails(CertificateStatus.ISSUED, c);
99         X509Certificate cert = c.cert();
100         assertNotNull(login(pk, cert));
101         c.revoke().waitFor(60000);
102
103         testFails(CertificateStatus.REVOKED, c);
104         assertNull(login(pk, cert));
105
106     }
107
108     private void testFails(CertificateStatus status, Certificate c) throws IOException, GeneralSecurityException, SQLException, GigiApiException {
109         assertEquals(status, c.getStatus());
110         if (status != CertificateStatus.ISSUED) {
111             try {
112                 c.revoke();
113                 fail(status + " is in invalid state");
114             } catch (IllegalStateException ise) {
115
116             }
117         }
118         if (status != CertificateStatus.DRAFT) {
119             try {
120                 c.issue(null, "2y");
121                 fail(status + " is in invalid state");
122             } catch (IllegalStateException ise) {
123
124             }
125         }
126         if (status != CertificateStatus.ISSUED) {
127             try {
128                 c.cert();
129                 fail(status + " is in invalid state");
130             } catch (IllegalStateException ise) {
131
132             }
133         }
134     }
135 }
WPIA Certificate Web Issuance Platform